package org.codehaus.groovy.grails.plugins.springsecurity;

import grails.util.GrailsUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import net.sf.json.util.JSONUtils;
import org.apache.log4j.spi.LocationInfo;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityConfig;
import org.springframework.security.access.vote.AuthenticatedVoter;
import org.springframework.security.access.vote.RoleVoter;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.expression.WebSecurityExpressionHandler;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.security.web.util.AntUrlPathMatcher;
import org.springframework.security.web.util.UrlMatcher;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:embedded.war:WEB-INF/classes/org/codehaus/groovy/grails/plugins/springsecurity/AbstractFilterInvocationDefinition.class */
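/**
 * Base security-metadata source that maps compiled URL patterns to the
 * {@link ConfigAttribute}s required for them and resolves the URL of a
 * {@link FilterInvocation} to those attributes.
 *
 * <p>Rules live in a {@link LinkedHashMap}, so every lookup walks them in insertion order.
 * Subclasses provide {@link #determineUrl(FilterInvocation)} and may override
 * {@link #initialize()}, {@link #reset()} and {@link #stopAtFirstMatch()}.
 *
 * <p>NOTE(review): this class does no synchronization around the rule map. It is mutated by
 * {@link #storeMapping} / {@link #resetConfigs} and iterated by the lookup methods. If a
 * subclass reloads rules while requests are being served, confirm that it serialises access.
 */
public abstract class AbstractFilterInvocationDefinition implements FilterInvocationSecurityMetadataSource, InitializingBean {
    private UrlMatcher _urlMatcher;
    // false by default: a URL that matches no rule yields null attributes from getAttributes().
    private boolean _rejectIfNoRule;
    private RoleVoter _roleVoter;
    private AuthenticatedVoter _authenticatedVoter;
    private WebSecurityExpressionHandler _expressionHandler;
    // An empty collection, not a marker attribute.
    // NOTE(review): whether the calling interceptor treats an empty attribute collection as
    // "deny" or as "no restriction" is not visible in this file; confirm against the Spring
    // Security version actually deployed.
    protected static final Collection<ConfigAttribute> DENY = Collections.emptyList();
    // Overwritten by setUrlMatcher(): stays true only for an AntUrlPathMatcher.
    private boolean _stripQueryStringFromUrls = true;
    // compiled pattern -> required attributes, in registration order
    private final Map<Object, Collection<ConfigAttribute>> _compiled = new LinkedHashMap<Object, Collection<ConfigAttribute>>();
    protected final Logger _log = LoggerFactory.getLogger(getClass());

    /**
     * Hook for subclasses that can reload their rules; does nothing here.
     *
     * @throws Exception declared for overriding implementations
     */
    public void reset() throws Exception {
    }

    /**
     * Resolves the attributes that guard the given invocation.
     *
     * @param obj the secured object; must be non-null and of a type accepted by {@link #supports(Class)}
     * @return the attributes of the selected rule; {@link #DENY} when no rule matched and
     *         {@code rejectIfNoRule} is set; otherwise {@code null} when no rule matched
     * @throws IllegalArgumentException if {@code obj} is null or not a supported type
     * @throws RuntimeException wrapping any exception raised while resolving the URL or the rules
     */
    @Override // org.springframework.security.access.SecurityMetadataSource
    public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
        Assert.isTrue(obj != null && supports(obj.getClass()), "Object must be a FilterInvocation");
        try {
            String url = determineUrl((FilterInvocation) obj);
            Collection<ConfigAttribute> attributes = findConfigAttributes(url);
            if (attributes == null && this._rejectIfNoRule) {
                return DENY;
            }
            // May be null here: with rejectIfNoRule off, an unmatched URL carries no attributes.
            return attributes;
        } catch (Exception e) {
            // Fail the lookup rather than return a partial answer; the cause is preserved.
            throw new RuntimeException(e);
        }
    }

    /**
     * Extracts the URL to match against the stored patterns.
     *
     * @param filterInvocation the current invocation
     * @return the URL string handed to the matcher
     */
    protected abstract String determineUrl(FilterInvocation filterInvocation);

    /**
     * Whether lookup should stop at the first matching rule instead of searching for a
     * narrower one.
     *
     * @return {@code false} in this base class
     */
    protected boolean stopAtFirstMatch() {
        return false;
    }

    /**
     * Walks the rules in insertion order and selects the attributes for {@code str}.
     *
     * <p>The first matching rule becomes the candidate. A later matching rule replaces it only
     * when the current candidate pattern also matches the later rule's pattern text, which
     * appears intended to prefer the narrower pattern.
     *
     * @param str the URL to look up
     * @return the selected attributes, or {@code null} when no rule matches
     * @throws Exception if {@link #initialize()} fails
     */
    private Collection<ConfigAttribute> findConfigAttributes(String str) throws Exception {
        initialize();
        final boolean firstMatchWins = stopAtFirstMatch();
        Collection<ConfigAttribute> matched = null;
        Object matchedPattern = null;
        for (Map.Entry<Object, Collection<ConfigAttribute>> entry : this._compiled.entrySet()) {
            Object candidate = entry.getKey();
            if (!this._urlMatcher.pathMatchesUrl(candidate, str)) {
                continue;
            }
            // NOTE(review): the cast assumes compiled keys are Strings. A matcher whose compile()
            // returns another type would raise ClassCastException on the second matching rule;
            // confirm against the matchers in use.
            if (matched != null && !this._urlMatcher.pathMatchesUrl(matchedPattern, (String) candidate)) {
                continue;
            }
            matched = entry.getValue();
            matchedPattern = candidate;
            if (this._log.isTraceEnabled()) {
                // str is presumably request-derived and is written to the log unescaped.
                this._log.trace("new candidate for '" + str + "': '" + candidate + "':" + matched);
            }
            if (firstMatchWins) {
                break;
            }
        }
        if (this._log.isTraceEnabled()) {
            if (matched == null) {
                this._log.trace("no config for '" + str + "'");
            } else {
                this._log.trace("config for '" + str + "' is '" + matchedPattern + "':" + matched);
            }
        }
        return matched;
    }

    /**
     * Hook called before every lookup so subclasses can load their rules; does nothing here.
     *
     * @throws Exception declared for overriding implementations
     */
    protected void initialize() throws Exception {
    }

    /**
     * @param cls the secured-object type
     * @return {@code true} when {@code cls} is {@link FilterInvocation} or a subtype of it
     */
    @Override // org.springframework.security.access.SecurityMetadataSource
    public boolean supports(Class<?> cls) {
        return FilterInvocation.class.isAssignableFrom(cls);
    }

    /**
     * Returns the union of the attributes of all stored rules.
     *
     * <p>A failure in {@link #initialize()} is logged and not rethrown, so the result then
     * reflects whatever rules were already stored, which may be none.
     *
     * @return an unmodifiable collection of every attribute in the rule map
     */
    @Override // org.springframework.security.access.SecurityMetadataSource
    public Collection<ConfigAttribute> getAllConfigAttributes() {
        try {
            initialize();
        } catch (Exception e) {
            GrailsUtil.deepSanitize(e);
            this._log.error(e.getMessage(), e);
        }
        Collection<ConfigAttribute> all = new HashSet<ConfigAttribute>();
        for (Collection<ConfigAttribute> attributes : this._compiled.values()) {
            all.addAll(attributes);
        }
        return Collections.unmodifiableCollection(all);
    }

    /**
     * Sets the matcher and, as a side effect, decides query-string stripping: it is enabled
     * only when the matcher is an {@link AntUrlPathMatcher}.
     *
     * @param urlMatcher the matcher used to compile and match patterns
     */
    public void setUrlMatcher(UrlMatcher urlMatcher) {
        this._urlMatcher = urlMatcher;
        this._stripQueryStringFromUrls = this._urlMatcher instanceof AntUrlPathMatcher;
    }

    /**
     * @param z when {@code true}, a URL with no matching rule resolves to {@link #DENY}
     *          instead of {@code null}
     */
    public void setRejectIfNoRule(boolean z) {
        this._rejectIfNoRule = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Normalises a URL before matching: lower-cases it when the matcher requires that, then
     * drops everything from the first {@code '?'} when query-string stripping is enabled.
     *
     * @param str the URL to normalise; must not be null
     * @return the normalised URL
     */
    public String lowercaseAndStripQuerystring(String str) {
        String url = str;
        if (getUrlMatcher().requiresLowerCaseUrl()) {
            // NOTE(review): default-locale lower-casing. Patterns and request URLs must be folded
            // the same way, or a rule could fail to match under locales with special casing
            // (e.g. Turkish). Confirm that the matcher's compile() does likewise.
            url = url.toLowerCase();
        }
        if (this._stripQueryStringFromUrls) {
            // The decompiler rendered this literal as log4j's LocationInfo.NA, which is "?".
            int queryStart = url.indexOf("?");
            if (queryStart != -1) {
                url = url.substring(0, queryStart);
            }
        }
        return url;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** @return the configured matcher, or {@code null} if none has been set */
    public UrlMatcher getUrlMatcher() {
        return this._urlMatcher;
    }

    /** @return a read-only view (not a copy) of the compiled pattern-to-attributes map */
    public Map<Object, Collection<ConfigAttribute>> getConfigAttributeMap() {
        return Collections.unmodifiableMap(this._compiled);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Splits a rule value into tokens. Only values starting with {@code ROLE_} or {@code IS_}
     * are split on commas (tokens trimmed, empty ones dropped); any other value is returned
     * whole as a single token, presumably so that expressions containing commas stay intact.
     *
     * @param str the rule value; must not be null
     * @return the tokens
     */
    public List<String> split(String str) {
        if (!str.startsWith("ROLE_") && !str.startsWith("IS_")) {
            return Collections.singletonList(str);
        }
        List<String> tokens = new ArrayList<String>();
        for (String raw : StringUtils.commaDelimitedListToStringArray(str)) {
            String token = raw.trim();
            if (token.length() > 0) {
                tokens.add(token);
            }
        }
        return tokens;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Compiles a pattern, builds its attributes and stores the rule. If a rule was already
     * stored under the same compiled key, the replacement is logged at warn level.
     *
     * @param str the URL pattern
     * @param list the attribute tokens for that pattern
     */
    public void compileAndStoreMapping(String str, List<String> list) {
        Object compiledPattern = getUrlMatcher().compile(str);
        Collection<ConfigAttribute> attributes = buildConfigAttributes(list);
        Collection<ConfigAttribute> previous = storeMapping(compiledPattern, Collections.unmodifiableCollection(attributes));
        if (previous != null) {
            this._log.warn("replaced rule for '" + compiledPattern + "' with roles " + previous + " with roles " + attributes);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Turns tokens into attributes. A token accepted by {@link #supports(ConfigAttribute)}
     * becomes a {@link SecurityConfig}; any other token is parsed as an expression.
     *
     * <p>NOTE(review): unrecognised tokens are handed to the expression parser, so rule text
     * should come only from trusted configuration; the rule sources are in subclasses not shown
     * here. The expression handler is not checked in {@link #afterPropertiesSet()}, so a missing
     * handler surfaces here as a {@link NullPointerException}.
     *
     * @param collection the tokens
     * @return a new mutable set of attributes
     */
    public Collection<ConfigAttribute> buildConfigAttributes(Collection<String> collection) {
        Collection<ConfigAttribute> built = new HashSet<ConfigAttribute>();
        for (String token : collection) {
            SecurityConfig plain = new SecurityConfig(token);
            if (supports(plain)) {
                built.add(plain);
            } else {
                built.add(new WebExpressionConfigAttribute(this._expressionHandler.getExpressionParser().parseExpression(token)));
            }
        }
        return built;
    }

    /**
     * @param configAttribute the attribute to test
     * @return {@code true} when the role voter or the authenticated voter supports it, or its
     *         text starts with {@code RUN_AS}
     */
    protected boolean supports(ConfigAttribute configAttribute) {
        return supports(configAttribute, this._roleVoter) || supports(configAttribute, this._authenticatedVoter) || configAttribute.getAttribute().startsWith("RUN_AS");
    }

    // Null-safe delegate: an unset voter supports nothing.
    private boolean supports(ConfigAttribute configAttribute, AccessDecisionVoter accessDecisionVoter) {
        return accessDecisionVoter != null && accessDecisionVoter.supports(configAttribute);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Stores a rule.
     *
     * @param obj the compiled pattern used as key
     * @param collection the attributes for that pattern
     * @return the attributes previously stored under that key, or {@code null}
     */
    public Collection<ConfigAttribute> storeMapping(Object obj, Collection<ConfigAttribute> collection) {
        return this._compiled.put(obj, collection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Removes every stored rule. */
    public void resetConfigs() {
        this._compiled.clear();
    }

    /**
     * Returns the attributes of the first rule, in insertion order, whose pattern matches.
     *
     * <p>Unlike {@link #getAttributes(Object)}, this neither calls {@link #initialize()} nor
     * looks for a narrower rule, and it answers an empty list rather than {@code null} when
     * nothing matches.
     *
     * @param str the URL to match, used as given
     * @return the first matching rule's attributes, or an empty list
     */
    public Collection<ConfigAttribute> findMatchingAttributes(String str) {
        for (Map.Entry<Object, Collection<ConfigAttribute>> entry : this._compiled.entrySet()) {
            if (this._urlMatcher.pathMatchesUrl(entry.getKey(), str)) {
                return entry.getValue();
            }
        }
        return Collections.emptyList();
    }

    /** @param roleVoter the voter used to recognise role tokens */
    public void setRoleVoter(RoleVoter roleVoter) {
        this._roleVoter = roleVoter;
    }

    /** @return the configured role voter, possibly {@code null} */
    protected RoleVoter getRoleVoter() {
        return this._roleVoter;
    }

    /** @param authenticatedVoter the voter used to recognise authentication-level tokens */
    public void setAuthenticatedVoter(AuthenticatedVoter authenticatedVoter) {
        this._authenticatedVoter = authenticatedVoter;
    }

    /** @return the configured authenticated voter, possibly {@code null} */
    protected AuthenticatedVoter getAuthenticatedVoter() {
        return this._authenticatedVoter;
    }

    /** @param webSecurityExpressionHandler the handler whose parser is used for expression tokens */
    public void setExpressionHandler(WebSecurityExpressionHandler webSecurityExpressionHandler) {
        this._expressionHandler = webSecurityExpressionHandler;
    }

    /** @return the configured expression handler, possibly {@code null} */
    protected WebSecurityExpressionHandler getExpressionHandler() {
        return this._expressionHandler;
    }

    /**
     * Validates wiring: only the URL matcher is required; voters and the expression handler
     * are not checked here.
     */
    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.notNull(this._urlMatcher, "url matcher is required");
    }
}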
